On September 20, 2024, the Lassen Clinics learned there was an active cyber event on its IT network involving an unknown individual. The Lassen Clinics’ IT network was temporarily disabled and rendered inaccessible before the Lassen Clinics were able to restore it the next day. Upon learning of the security incident, the Lassen Clinics immediately took steps to secure its network and began an investigation with the assistance of an external forensics vendor.
The investigation determined that an unauthorized third party gained access to the Lassen Clinics network between September 17, 2024, to September 20, 2024. On December 3, 2024, the Lassen Clinics learned that the unauthorized third party obtained copies of some of the data from its systems containing confidential patient medical information, however, the unauthorized third party did not acquire any data directly from the Lassen Clinics’ Electronic Medical Record (EMR).
Some information in the Lassen Clinics' records may have been accessed or acquired by an unauthorized third party. The information in the files may have included name, address, date of birth, driver's license number, financial account information, as well as medical and health insurance information. A small number of individuals may also have had a Social Security Number involved.
Upon learning of the event, the Lassen Clinics took quick action to protect its systems, contain the incident, open an investigation, and maintain continuity of healthcare. Once secured, systems were returned to the network with additional security and monitoring tools.
On the Lookout: The Software Supply Chain as a Healthcare Cyberattack Vector
Hackensack Meridian Health & Wellness Center at Clifton Opens
Suffolk Breaks Ground on Expansion of White Plains Hospital
EVS Leadership Culture Critical in Preventing Hospital-Acquired Sepsis
Man Dies by Suicide in Emergency Department Waiting Room at Kansas Hospital